Electricity Information Sharing and Analysis Center
​​The Electricity Information Sharing and Analysis Center (E-ISAC) gathers and analyzes security data, shares appropriate data with stakeholders, coordinates incident management, and communicates mitigation strategies with stakeholders. The E-ISAC, in collaboration with the Department of Energy (DOE) and the Electricity Subsector Coordinating Council (ESCC), serves as the primary security communications channel for the electric industry and enhances industry's ability to prepare for and respond to cyber and physical threats, vulnerabilities, and incidents.
 
The E-ISAC is operated by NERC and is organizationally isolated from NERC’s enforcement processes
 
The E-ISAC: 
  • Gathers, analyzes, and shares cyber and physical threat alerts, warnings, advisories, notices, and vulnerability assessments security information provided by members;
  • Provides an electronic, secure capability for E-ISAC participants to exchange and share information on all threats to defend critical infrastructure;
  • Coordinates incident management;
  • Communicates mitigation strategies with stakeholders across sectors; and
  • Serves as a central point of coordination and communication for members.


Join the E-ISAC
All electricity asset owners and operators in North America may participate in E-ISAC activities. Suggested members include chief security officers, security directors, security supervisors, general managers of local utilities, physical security analysts, and intelligence/information analysts. Membership is free.

Register for an E-ISAC portal account at www.eisac.com.

 

Benefits Available to Members
Two-way information sharing allows the E-ISAC to help industry identify emerging trends and provide early warning, as well as access to:

  • Information Sharing: E-ISAC Portal, Emergency Notification System, NERC Alerts, Monthly Webcasts, Industry Augmentation Program.
  • Reports and Bulletins: Incident Bulletins, Weekly and Monthly Reports, Issue-Specific Assessments.
  • Exercises and Conferences: GridEx (biennial) and GridSecCon (annual).
  • Cybersecurity Risk Information Sharing Program (CRISP): Voluntary, subscription-based program that facilitates the exchange of detailed cyber security information between industry, E-ISAC, DOE, and Pacific Northwest National Laboratory.
  • Analytical Capabilities: Malware Analysis and Indicator Extraction, Campaign Link Analysis, Sector-Scale Scoping, Sector Relevance Assessments, Physical Security Outreach.